bindings/scripts/CodeGeneratorJS.pm: Tweaked mechanism for includes to be a bit
more consistent and to make SVGElement.h be included in the header rather than in
every implementation file that includes the header. Added code to use getAttribute
and setAttribute directly when the [Reflect] extended attribute is used.

bindings/scripts/CodeGeneratorObjC.pm: Ditto.

html/HTMLElement.idl: Used [Reflect] for all the attributes in this class that
reflect content attributes. Restricting this to one class for now to keep the
patch small and start out slowly.

Extend the LiteralParser to support the full strict JSON
grammar, fix a few places where the grammar was incorrectly
lenient. Doesn't yet support the JSON.parse reviver function
but that does not block the JSON.parse functionality itself.

Add a hook to the WebKit launcher application to allow a link on the nightly build start page to
trigger an update via the built-in software update mechanism.

Reviewed by Sam Weinig.

WebKitLauncher/WebKitLauncher.xcodeproj/project.pbxproj:

WebKitLauncher/WebKitLauncherURLProtocol.h: Added.

WebKitLauncher/WebKitLauncherURLProtocol.m: Added.

(+[WebKitLauncherURLProtocol load]):
(+[WebKitLauncherURLProtocol canInitWithRequest:]): Only allow use of the x-webkit-launcher scheme from .webkit.org subdomains.
(+[WebKitLauncherURLProtocol canonicalRequestForRequest:]):
(-[WebKitLauncherURLProtocol startLoading]):
(-[WebKitLauncherURLProtocol stopLoading]):
(-[WebKitLauncherURLProtocol handleIsWebKitLauncherAvailableJS]): Return a brief JavaScript snippet that can be used to programmatically
determine whether the x-webkit-launcher is available and working.
(-[WebKitLauncherURLProtocol handleCheckForUpdates]): Trigger a software update on the main thread.
(-[WebKitLauncherURLProtocol resourceNotFound]): Fail with a generic "File does not exist" error.
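
An added example, not part of the WebKitLauncher source or this ChangeLog: one way a host restriction like the one described for canInitWithRequest: can be written, shown in C++ with a loose suffix test beside a label-boundary test. The function names, the sample hosts and the choice to reject the bare webkit.org host are assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// Hypothetical helper: lower-case the host and drop one trailing dot,
// since "nightly.webkit.org." names the same host as "nightly.webkit.org".
static std::string normalizeHost(std::string host)
{
    std::transform(host.begin(), host.end(), host.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (!host.empty() && host.back() == '.')
        host.pop_back();
    return host;
}

// Loose form: a bare suffix test has no label boundary, so a different
// registered domain that merely ends in "webkit.org" also passes.
bool naiveHostAllowed(const std::string& host)
{
    static const std::string suffix = "webkit.org";
    const std::string h = normalizeHost(host);
    return h.size() >= suffix.size()
        && h.compare(h.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Strict form: the match must start at a dot and at least one label must
// precede it, so only true subdomains of webkit.org are accepted.
bool hostIsWebKitSubdomain(const std::string& host)
{
    static const std::string suffix = ".webkit.org";
    const std::string h = normalizeHost(host);
    if (h.size() <= suffix.size())   // empty, bare domain, or too short
        return false;
    if (h.front() == '.')            // malformed: empty leading label
        return false;
    return h.compare(h.size() - suffix.size(), suffix.size(), suffix) == 0;
}
```

The comparison should run on the parsed host of the requesting URL, never on the whole URL string, where the allowed name could appear in a path or query.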

Added optimized GC for MessagePorts when the entangled port is run by the same thread.
Fixed bug in isProxyFor() that was not properly throwing an exception when trying to clone the entangled port.

bindings/js/JSDOMBinding.cpp:
(WebCore::markActiveObjectsForContext):
Now marks remotely entangled ports as in-use, in addition to those with pending activity.

bindings/js/JSMessagePortCustom.cpp:
(WebCore::JSMessagePort::mark):
Now checks if the entangled port is local (run by same thread) and if so mark()s it.

dom/MessagePort.cpp:
(WebCore::MessagePort::postMessage):
(WebCore::MessagePort::disentangle):
Removes cloned ports from the ScriptExecutionContext - this allows cloned ports to be GC'd as otherwise they look like remotely entangled ports.
(WebCore::MessagePort::start):
(WebCore::MessagePort::locallyEntangledPort):
Added API for fetching the entangled port if it is run by the same thread

dom/MessagePort.h:

dom/MessagePortProxyWrapper.h:

dom/default/MessagePortProxy.cpp:
(WebCore::MessagePortProxyWrapper::locallyEntangledPort):
Added API for fetching the entangled port if it is run by the same thread
(WebCore::MessagePortProxy::hasPendingActivity):
Changed definition of hasPendingActivity() to be stricter - only returns true if there are pending messages.
(WebCore::MessagePortProxy::locallyEntangledPort):

Refactored MessagePortProxy into MessagePortChannel and a platform-dependent PlatformMessagePortChannel
implementation. Modified APIs to simplify cross-process implementations by moving the messaging code
entirely into the platform-dependent proxy.

Created a thread-safe default PlatformMessagePortChannel implementation.

Changed DOMWindow messaging to create the MessageEvent in the target ScriptExecutionContext to match how
cross-thread MessagePorts work.

GNUMakefile.am:

WebCore.vcproj/WebCore.vcproj:

WebCore.xcodeproj/project.pbxproj:

Added MessagePortChannel/PlatformMessagePortChannel files.

bindings/js/JSMessagePortCustom.cpp:
(WebCore::JSMessagePort::mark):

Changed ports to not mark their entangled pair as reachable, per the spec.

bindings/v8/custom/V8MessagePortCustom.cpp:

dom/MessageChannel.cpp:
(WebCore::MessageChannel::MessageChannel):

Updated to use PlatformMessagePortChannel::createChannel() to entangle the ports.

dom/Node.cpp:
(WebCore::Node::dispatchGenericEvent): Make the DOMWindow the currentTarget when events are dispatched
to it. We previously used the document because DOMWindow was not yet an EventTarget.

editing/TextIterator.cpp:
(WebCore::TextIterator::handleReplacedElement): When entering a text control,
start at the top of the shadow tree (by calling shadowTreeRootNode). Also
remove assumption that innerTextElement will never be 0 since RenderTextControl
doesn't really guarantee this.

Unfortunately the arm compiler does not like the use of offsetof on JITStackFrame (since it now contains non POD types),
and the FIELD_OFFSET macro does not appear constantish enough for it to be happy with its use in COMPILE_ASSERT macros.

The code in WebCore allows us to interpret a Pan gesture as
a mousewheel event, and we are able to reuse the scrolling code.
Another constructor was created in WheelEventWin which takes data
better suited to the pan gesture than what was currently there.

This fixes bug 26361. The original test case did not invoke the event that
triggered the actual test. This patch adds code to invoke this event, and also
converts it from a pixel test to a dumpAsText test.

Use "NativeFunctionWrapper" instead of "PrototypeFunction" in cross-frame
accessors, so the type of object you get to wrap a function is the same,
regardless of whether the access to the function is cross-frame.

This is faster and more idiomatic than what we had before. It also would
have avoided Bug 26532 because it would have prevented a conflicting
PrototypeFunction from being allocated to wrap postMessage, where a
NativeFunctionWrapper had been allocated previously.

Fix a crash that could occur in complex content due to timing issues
when doing a partial layer tree rebuild which is required when painting;
setCompositingParent() could be called with a parent which has not been made
compositing yet.

https://bugs.webkit.org/show_bug.cgi?id=26460 part three
Make BMPImageReader a standalone class that is used by ICOImageDecoder
and BMPImageDecoder to decode individual BMPs within a file. These
decoders now inherit directly from ImageDecoder.

This also makes these decoders decode on-demand in isSizeAvailable() and
frameBufferAtIndex(), like the other decoders, instead of when setData()
is called, like before. This should provide a speedup on pages
containing BMPs that aren't immediately onscreen.

https://bugs.webkit.org/show_bug.cgi?id=26540
Currently the SunSpider test driver lacks an option to run a test suite that
will test JavaScriptCore parsing performance only. This patch adds just such
a test suite and option to SunSpider as well as the jsc test shell. I've included
three large javascript source files found in the wild: jquery, mootools and prototype.
Combined with the concatenation of all three, these form a new testsuite to measure
and test pure JavaScriptCore parsing performance.

There is no new test because this cannot be tested deterministically.
I've not been able to cause a crash at all in the test framework, but
I have verified that this is happening in the wild and that the patch
fixes the likely cause in the debugger.

loader/TextResourceDecoder.cpp: careful not to iterate off the end
of our input buffer looking for the end of the comment.
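
An added example, not the TextResourceDecoder patch itself: a bounded scan for the end of a comment that never reads past the buffer and reports an unterminated comment instead of running on. It assumes an HTML-style `<!-- ... -->` comment; the names CommentScan, scanComment and skipLeadingComments are hypothetical.

```cpp
#include <cstddef>
#include <cstring>

struct CommentScan {
    bool terminated;   // true if "-->" was found inside the buffer
    std::size_t next;  // offset to resume at; equals length when unterminated
};

// Scan a comment body starting at data[pos]. The loop only inspects
// data[pos..pos+2] while three bytes remain, so a buffer that ends in
// "-" or "--" (or has no terminator at all) is never over-read.
CommentScan scanComment(const char* data, std::size_t length, std::size_t pos)
{
    while (pos < length && length - pos >= 3) {
        if (data[pos] == '-' && data[pos + 1] == '-' && data[pos + 2] == '>')
            return { true, pos + 3 };
        ++pos;
    }
    return { false, length };
}

// Skip any run of comments at the start of the buffer and return the offset
// of the first byte after them. An unterminated comment consumes the rest of
// the buffer, which a streaming caller can treat as "wait for more data".
std::size_t skipLeadingComments(const char* data, std::size_t length)
{
    std::size_t pos = 0;
    // pos never exceeds length, so length - pos cannot underflow.
    while (length - pos >= 4 && std::memcmp(data + pos, "<!--", 4) == 0) {
        const CommentScan scan = scanComment(data, length, pos + 4);
        pos = scan.next;
        if (!scan.terminated)
            break;
    }
    return pos;
}
```

Running the same inputs under AddressSanitizer with heap buffers sized exactly to the data is a practical way to confirm a scanner like this stays in bounds when a crash cannot be reproduced deterministically.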

fix <rdar://problem/6967596> Safari hung using 100% CPU when I tried
to look up a word in Dictionary using command-control-d

Test: editing/selection/move-by-line-005.html

The root cause of this bug was searchAheadForBetterMatch() continuing
past the first rendered text object after the given object. While we
want to skip non-rendered text and empty containers, when we encounter
rendered text object, we must return a text box for that object.

dom/Position.cpp:
(WebCore::searchAheadForBetterMatch):

LayoutTests:

Reviewed by Dave Hyatt.

text for <rdar://problem/6967596> Safari hung using 100% CPU when I
tried to look up a word in Dictionary using command-control-d

The problem is that we're calculating the timezone relative to 01/01/2000,
but the VET timezone changed from -4 hours to -4:30 hours on 12/09/2007.
According to the spec, section 15.9.1.9 states "the time since the beginning
of the year", presumably meaning the *current* year. Change the calculation
to be based on whatever the current year is, rather than a canned date.

Change the implementation of op_throw so the stub function always modifies its
return address - if it doesn't find a 'catch' it will switch to a trampoline
to force a return from JIT execution. This saves memory, by avoiding the need
for a unique return for every op_throw.

jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_throw):

JITStubs::cti_op_throw now always changes its return address,
remove return code generated after the stub call (this is now
handled by ctiOpThrowNotCaught).

Make readUintX() public and static (since they will need to be once
BMPImageReader is included in *ImageDecoder via composition rather
than inheritance). Add wrappers in each class so callers can be
simpler. In the next patch, these wrappers will be beefed up slightly
and the callers will get even simpler.

Change direct setting of m_failed to use setFailed(), since in the
next patch much of this code won't even have direct access to m_failed

Add a helper function in ICOImageDecoder to determine the image type
instead of simply doing it inline

Rewrap lines that used to be <=80 cols and slipped over it during the
original landing of these decoders

Other misc. changes, e.g. adding constructor definitions, reordering
functions, changing RGBA32Buffer& to RGBA32Buffer*, etc. that have no
functional effect but minimize the subsequent diff for readability

https://bugs.webkit.org/show_bug.cgi?id=26460 part one
Make isSizeAvailable non-const, since it's not logically const (it
triggers lazy decoding), and simplify all the implementations (without
changing behavior; just make less verbose). Remove some other
inappropriate consts, which enables the removal of all the mutable
declarations in the decoders.

platform/image-decoders/ImageDecoder.h:
(WebCore::ImageDecoder::isSizeAvailable):
(WebCore::ImageDecoder::setSize): Make public to avoid needing a friend declaration in the JPEG decoder, and because the ICO/BMP decoders will soon need this.

When deciding which RenderLayers should be composited, when a layer goes into
compositing mode we repaint the old location. However, we did that before
we'd looked at all the factors that may force a layer to composite, so missed
some cases. Fix by doing the repaint once we really know whether it's going
to composite.

DumpRenderTree/mac/DumpRenderTreeWindow.mm:
(-[DumpRenderTreeWindow close]): Resolved crashes seen during regression
tests. The close method can be called on a window that's already closed
so we can't assert here.

For marking I decided not to use gcProtect, because this is inside the engine
so it's easy enough to just do marking. And that darned gcProtect does locking!
Oliver tried to convince me to use MarkedArgumentBuffer, but the constructor
for that class says "FIXME: Remove all clients of this API, then remove this API."

runtime/JSONObject.cpp: Cut down the includes to the needed ones only.
(JSC::unwrapNumberOrString): Added. Helper for unwrapping number and string
objects to get their number and string values.
(JSC::ReplacerPropertyName::ReplacerPropertyName): Added. The class is used
to wrap an identifier or integer so we don't have to do any work unless we
actually call a replacer.
(JSC::ReplacerPropertyName::value): Added.
(JSC::gap): Added. Helper function for the Stringifier constructor.
(JSC::PropertyNameForFunctionCall::PropertyNameForFunctionCall): Added.
The class is used to wrap an identifier or integer so we don't have to
allocate a number or string until we actually call toJSON or a replacer.
(JSC::PropertyNameForFunctionCall::asJSValue): Added.
(JSC::Stringifier::Stringifier): Updated and moved out of the class
definition. Added code to hook this into a singly linked list for marking.
(JSC::Stringifier::~Stringifier): Remove from the singly linked list.
(JSC::Stringifier::mark): Mark all the objects in the holder stacks.
(JSC::Stringifier::stringify): Updated.
(JSC::Stringifier::appendQuotedString): Tweaked and streamlined a bit.
(JSC::Stringifier::toJSON): Renamed from toJSONValue.
(JSC::Stringifier::appendStringifiedValue): Renamed from stringify.
Added code to use the m_holderStack to do non-recursive stringify of
objects and arrays. This code also uses the timeout checker since in
pathological cases it could be slow even without calling into the
JavaScript virtual machine.
(JSC::Stringifier::willIndent): Added.
(JSC::Stringifier::indent): Added.
(JSC::Stringifier::unindent): Added.
(JSC::Stringifier::startNewLine): Added.
(JSC::Stringifier::Holder::Holder): Added.
(JSC::Stringifier::Holder::appendNextProperty): Added. This is the
function that handles the format of arrays and objects.
(JSC::JSONObject::getOwnPropertySlot): Moved this down to the bottom
of the file so the JSONObject class is not interleaved with the
Stringifier class.
(JSC::JSONObject::markStringifiers): Added. Calls mark.
(JSC::JSONProtoFuncStringify): Streamlined the code here. The code
to compute the gap string is now a separate function.

fast/js/resources/JSON-stringify.js: Changed the infinite object and
infinite array tests to instead just test something a fixed number of
levels deep. Otherwise we end up with an infinite loop in the test,
which would lead to the slow-script dialog in the production web browser.
Also raised the number from 512 to 2048 since there's no fixed limit any more.

html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::mediaPlayerSawUnsupportedTracks):
(WebCore::HTMLMediaElement::mediaPlayerRepaint):
Just move these methods to group the render-related methods together.

(WebCore::HTMLMediaElement::mediaPlayerRenderingCanBeAccelerated):
Call out method to ask the RenderLayerCompositor if presentation of this video
can be accelerated. It might say no, if, for example, the video has a reflection.

(WebCore::HTMLMediaElement::mediaPlayerGraphicsLayer):
Fetch the GraphicsLayer from the RenderVideo that will host the movie layer.

html/HTMLMediaElement.h:
Reordered the rendering-related methods, and added two methods related to video
acceleration.

platform/graphics/MediaPlayer.cpp:
(WebCore::MediaPlayer::acceleratedRenderingStateChanged):
Called by the rendering system when it determines that the video must go into, or
fall off of the hardware-accelerated path.

(WebCore::MediaPlayerClient::mediaPlayerRenderingCanBeAccelerated):
(WebCore::MediaPlayerClient::mediaPlayerGraphicsLayer):
New methods to ask the client if the rendering system can support accelerated
rendering, and to get a GraphicsLayer to plug the movie layer into.

platform/mac-leopard/fast/media/mq-transform-03-expected.txt: Copied from LayoutTests/platform/mac/fast/media/mq-transform-03-expected.txt.
Copy the old "mac" results to "mac-leopard" since 3d-rendering is disabled there.

If loading a font fails because of the sandbox, we ask the browser process to
try to load it by calling ensureFontLoaded. If it still fails after
ensureFontLoaded, we hit an ASSERT_NOT_REACHED.

This case happens once in a while during browser shutdown. The browser will
queue a message to the renderer to shutdown, and will then stop answering sync
messages from the renderer. If the renderer is still loading a page during this
time, it might try to call the browser process to ask to load a font. The
browser process will ignore the request, and the font will fail to load, even
after the second try.

This is unfortunate, but there is no real risk here, since the renderer will be
going away as soon as it processes another message.

platform/FileChooser.cpp:
(WebCore::FileChooser::chooseFiles): Suppress change event if the
existing selected files and the incoming selected files are equal.
(WebCore::FileChooser::chooseIcon): Returns 0 if there are no selected
files.

<rdar://problem/6974175> ASSERT in JITStubs.cpp at appsaccess.apple.com

Remove PropertySlot::putValue - PropertySlots should only be used for getting,
not putting. Rename JSGlobalObject::getOwnPropertySlot to hasOwnPropertyForWrite,
which is what it really was being used to ask, and remove some other getOwnPropertySlot
& getOwnPropertySlotForWrite methods, which were unused and likely to lead to confusion.

<rdar://problem/6974175> ASSERT in JITStubs.cpp at appsaccess.apple.com

JSDOMWindowCustom was using PropertySlot::putValue, however this interface
appears to be fundamentally incorrect - PropertySlots are only used to get
values, all puts use PutPropertySlot. However PutPropertySlot cannot be
used in the fashion desired here - it only reports the caching type of a
write that has been performed.

(This caused a bug where the put should have triggered a transition, and
failed to do so.)

Removing the faulty case from the optimization leads to a ~0.5% progression
on in-browser SunSpider (presumably the very first case was not being hit
often, and the simplification here is beneficial).